- Take Care With Passwords
- Use Good Ones
- Don't Use Real Words
- Make Sure They Are Not Easily Guessed
- Use Combinations Of Upper and Lower Case, Numbers, Punctuation
- One Method: Take first letter of a sentence or book title, insert numbers and punctuation.
- Use Shadow Passwords
- Allows encrypted passwords to be in a file that is not world readable
- Use Password Aging
- Requires shadow passwords
- Restrict Superuser Access
- Restrict where root can log in from
- /etc/securetty restricts root access to devices listed
- Use wheel group to restrict who can su to root
- Haven't gotten this to work. Supposed to put users who can su to root in wheel group in /etc/group file.
- Use groups to allow access to files that must be shared
- If you don't do it, your users will set world permission
- Be careful with SUID and SGID
- Don't set executables to SUID root unless you have to
- Wrap SUID root wrapper around programs if they must be run SUID root
- Create special accounts for programs that must run with higher permissions
CLUG HOME
| Events
| Directions
| Members
| Mailing Lists
(archives,
FAQ)
Resources
| Search
| Library
| Presentations
| Contributions
| Bylaws
| Board Minutes